[原创]刚破解IRPTrace软件!
发表于: 2009-6-15 21:03 9149
以下部分是创建框架、装载图标的部分，在 IDA 里按 G 跳转到 44F025 即可看到。
; OllyDbg disassembly excerpt (32-bit x86), not assemblable source: columns are
; address | opcode bytes | mnemonic / operands | comment.
; The function entry (0044F025, per the text above) and everything after 0044F118
; are outside this excerpt, so the pushes of ebx/edi, the frame set-up at ebp and
; the initial values of ebx and edi are not visible here.
; Register roles as far as this excerpt shows: ebx = base of some structure (only
; field +CC is read); edi = start of a NUL-terminated string (scanned by repne scasb).
0044F02D |. 56 push esi ; save esi; restored by the pop esi at 0044F0B7
0044F02E |. C705 18AB4F00>mov dword ptr [4FAB18], 0041949C ; ASCII "SOFTWARE\APSoft\IRPTrace" -- pointer to this registry-style path stored in global 4FAB18
0044F038 |. C705 24AC4F00>mov dword ptr [4FAC24], 00401194 ; ASCII "IRPTrace" -- pointer to the app-name string stored in global 4FAC24
0044F042 |. E8 92060700 call 004BF6D9 ; callee not in excerpt; returns a pointer in eax whose +C field is used as hInst below
0044F047 |. 8B40 0C mov eax, dword ptr [eax+C]
0044F04A |. 68 00010000 push 100 ; /RsrcName = 256. -- integer resource id (MAKEINTRESOURCE form)
0044F04F |. 50 push eax ; |hInst
0044F050 |. FF15 54125000 call dword ptr [<&USER32.LoadIconA>] ; \LoadIconA -- stdcall Win32 API, callee pops the two args
0044F056 |. A3 28AC4F00 mov dword ptr [4FAC28], eax ; global 4FAC28 = HICON; a NULL (failed load) is not checked here
0044F05B |. E8 79060700 call 004BF6D9 ; same helper again; this time field +8 supplies hInst
0044F060 |. 8B40 08 mov eax, dword ptr [eax+8]
0044F063 |. 68 C8000000 push 0C8 ; /RsrcName = 200. -- integer resource id
0044F068 |. 50 push eax ; |hInst
0044F069 |. FF15 70135000 call dword ptr [<&USER32.LoadBitmapA>>; \LoadBitmapA
0044F06F |. A3 2CAC4F00 mov dword ptr [4FAC2C], eax ; global 4FAC2C = HBITMAP; NULL again not checked here
0044F074 |. C705 1CAB4F00>mov dword ptr [4FAB1C], 004F2A80 ; ASCII "aLCHEMY_dIRE_sTRAITS_lIVE" -- pointer to this string stored in global 4FAB1C
0044F07E |. 8B83 CC000000 mov eax, dword ptr [ebx+CC] ; eax = dword field at ebx+CC (ebx set before this excerpt)
0044F084 |. 83C9 FF or ecx, FFFFFFFF ; ecx = -1: "unlimited" count for the repne scasb below
0044F087 |. C1E8 04 shr eax, 4
0044F08A |. 83E0 01 and eax, 1 ; eax = bit 4 of [ebx+CC], i.e. 0 or 1
0044F08D |. 66:A3 32AC4F0>mov word ptr [4FAC32], ax ; global word 4FAC32 = that bit
0044F093 |. 33C0 xor eax, eax ; al = 0: the byte repne scasb looks for (the NUL terminator)
0044F095 |. F2:AE repne scas byte ptr es:[edi] ; inline strlen: scan from edi until the NUL; edi ends one past it
0044F097 |. F7D1 not ecx ; ecx = strlen + 1 (byte count including the NUL)
0044F099 |. 2BF9 sub edi, ecx ; edi back to the start of the string
0044F09B |. 8BC1 mov eax, ecx ; keep the total byte count for the tail copy below
0044F09D |. 8BF7 mov esi, edi ; esi = source string
0044F09F |. BF 20AB4F00 mov edi, 004FAB20 ; edi = destination: global buffer at 4FAB20
0044F0A4 |. C1E9 02 shr ecx, 2 ; ecx = number of whole dwords to copy
0044F0A7 |. F3:A5 rep movs dword ptr es:[edi], dword p> ; dword part of the compiler's inline strcpy idiom
0044F0A9 |. 8BC8 mov ecx, eax
0044F0AB |. 83E1 03 and ecx, 3 ; ecx = remaining 0..3 bytes
0044F0AE |. 803D 9A2A4F00>cmp byte ptr [4F2A9A], 0 ; flags set here are consumed by the je at 0044F0B8: rep movs and pop leave flags untouched
0044F0B5 |. F3:A4 rep movs byte ptr es:[edi], byte ptr> ; tail bytes; the copy is bounded only by the source NUL -- the size of the 4FAB20 buffer is not visible in this excerpt
0044F0B7 |. 5E pop esi ; restore esi (does not affect flags)
0044F0B8 |. 74 11 je short 0044F0CB ; byte at 4F2A9A == 0 -> skip the call below
0044F0BA |. 6A 01 push 1
0044F0BC |. 68 F8000000 push 0F8
0044F0C1 |. 68 9A2A4F00 push 004F2A9A ; ASCII "JE" -- 004F2A9A is also the byte the cmp above tested
0044F0C6 |. E8 7F000000 call 0044F14A ; args left to right: 004F2A9A, 0F8, 1; callee and its stack cleanup are outside this excerpt
0044F0CB |> 8BCB mov ecx, ebx ; ecx = ebx, presumably a this-pointer (thiscall) -- confirm from the callee
0044F0CD |. E8 41FF0600 call 004BF013
0044F0D2 |. 8D8D 38FFFFFF lea ecx, dword ptr [ebp-C8] ; ecx = &local object at ebp-C8
0044F0D8 |. E8 897C0600 call 004B6D66 ; NOTE(review): looks like a constructor for that local; 004B6E44 below would then be the matching destructor -- confirm
0044F0DD |. 33C0 xor eax, eax ; eax = 0, reused for every 0/NULL argument below
0044F0DF |. 8D8D 38FFFFFF lea ecx, dword ptr [ebp-C8] ; this = the local object again
0044F0E5 |. 50 push eax ; args are pushed right-to-left; this and the next three are 0/NULL
0044F0E6 |. 50 push eax
0044F0E7 |. 50 push eax
0044F0E8 |. 50 push eax
0044F0E9 |. 68 40C74F00 push 004FC740 ; pointer to static data at 4FC740 (contents not visible here)
0044F0EE |. 68 0000CF00 push 0CF0000 ; window style 0x00CF0000 = WS_OVERLAPPEDWINDOW
0044F0F3 |. 68 90944100 push 00419490 ; ASCII "DummyDDEWnd" -- window name
0044F0F8 |. 50 push eax ; first argument = NULL
0044F0F9 |. 8945 FC mov dword ptr [ebp-4], eax ; [ebp-4] = 0; set to -1 right after the call, which looks like MSVC C++ exception-state bookkeeping -- confirm
0044F0FC |. E8 76840600 call 004B7577 ; 8 stack args with this = the local; the order is consistent with MFC CFrameWnd::Create (presumably) -- confirm
0044F101 |. 834D FC FF or dword ptr [ebp-4], FFFFFFFF ; state = -1
0044F105 |. 8D8D 38FFFFFF lea ecx, dword ptr [ebp-C8]
0044F10B |. E8 347D0600 call 004B6E44 ; tear down the local object (see note at 0044F0D8)
0044F110 |> F683 CC000000>test byte ptr [ebx+CC], 20 ; test bit 5 of the same field read at 0044F07E; pop does not change flags, so the conditional jump at 0044F119 (quoted in the text below) uses this result
0044F117 |. 5F pop edi ; restore callee-saved regs; their pushes are before this excerpt
0044F118 |. 5B pop ebx
把下面的
0044F119 /74 13 jnz short 0044F12E
改成
0044F119 /74 13 je short 0044F12E
就行了。
已经破解了的exe文件在附件里。
还在学习,希望大家多多教导我这个学生。
; OllyDbg disassembly excerpt (32-bit x86), not assemblable source: columns are
; address | opcode bytes | mnemonic / operands | comment.
; The function entry (0044F025, per the text above) and everything after 0044F118
; are outside this excerpt, so the pushes of ebx/edi, the frame set-up at ebp and
; the initial values of ebx and edi are not visible here.
; Register roles as far as this excerpt shows: ebx = base of some structure (only
; field +CC is read); edi = start of a NUL-terminated string (scanned by repne scasb).
0044F02D |. 56 push esi ; save esi; restored by the pop esi at 0044F0B7
0044F02E |. C705 18AB4F00>mov dword ptr [4FAB18], 0041949C ; ASCII "SOFTWARE\APSoft\IRPTrace" -- pointer to this registry-style path stored in global 4FAB18
0044F038 |. C705 24AC4F00>mov dword ptr [4FAC24], 00401194 ; ASCII "IRPTrace" -- pointer to the app-name string stored in global 4FAC24
0044F042 |. E8 92060700 call 004BF6D9 ; callee not in excerpt; returns a pointer in eax whose +C field is used as hInst below
0044F047 |. 8B40 0C mov eax, dword ptr [eax+C]
0044F04A |. 68 00010000 push 100 ; /RsrcName = 256. -- integer resource id (MAKEINTRESOURCE form)
0044F04F |. 50 push eax ; |hInst
0044F050 |. FF15 54125000 call dword ptr [<&USER32.LoadIconA>] ; \LoadIconA -- stdcall Win32 API, callee pops the two args
0044F056 |. A3 28AC4F00 mov dword ptr [4FAC28], eax ; global 4FAC28 = HICON; a NULL (failed load) is not checked here
0044F05B |. E8 79060700 call 004BF6D9 ; same helper again; this time field +8 supplies hInst
0044F060 |. 8B40 08 mov eax, dword ptr [eax+8]
0044F063 |. 68 C8000000 push 0C8 ; /RsrcName = 200. -- integer resource id
0044F068 |. 50 push eax ; |hInst
0044F069 |. FF15 70135000 call dword ptr [<&USER32.LoadBitmapA>>; \LoadBitmapA
0044F06F |. A3 2CAC4F00 mov dword ptr [4FAC2C], eax ; global 4FAC2C = HBITMAP; NULL again not checked here
0044F074 |. C705 1CAB4F00>mov dword ptr [4FAB1C], 004F2A80 ; ASCII "aLCHEMY_dIRE_sTRAITS_lIVE" -- pointer to this string stored in global 4FAB1C
0044F07E |. 8B83 CC000000 mov eax, dword ptr [ebx+CC] ; eax = dword field at ebx+CC (ebx set before this excerpt)
0044F084 |. 83C9 FF or ecx, FFFFFFFF ; ecx = -1: "unlimited" count for the repne scasb below
0044F087 |. C1E8 04 shr eax, 4
0044F08A |. 83E0 01 and eax, 1 ; eax = bit 4 of [ebx+CC], i.e. 0 or 1
0044F08D |. 66:A3 32AC4F0>mov word ptr [4FAC32], ax ; global word 4FAC32 = that bit
0044F093 |. 33C0 xor eax, eax ; al = 0: the byte repne scasb looks for (the NUL terminator)
0044F095 |. F2:AE repne scas byte ptr es:[edi] ; inline strlen: scan from edi until the NUL; edi ends one past it
0044F097 |. F7D1 not ecx ; ecx = strlen + 1 (byte count including the NUL)
0044F099 |. 2BF9 sub edi, ecx ; edi back to the start of the string
0044F09B |. 8BC1 mov eax, ecx ; keep the total byte count for the tail copy below
0044F09D |. 8BF7 mov esi, edi ; esi = source string
0044F09F |. BF 20AB4F00 mov edi, 004FAB20 ; edi = destination: global buffer at 4FAB20
0044F0A4 |. C1E9 02 shr ecx, 2 ; ecx = number of whole dwords to copy
0044F0A7 |. F3:A5 rep movs dword ptr es:[edi], dword p> ; dword part of the compiler's inline strcpy idiom
0044F0A9 |. 8BC8 mov ecx, eax
0044F0AB |. 83E1 03 and ecx, 3 ; ecx = remaining 0..3 bytes
0044F0AE |. 803D 9A2A4F00>cmp byte ptr [4F2A9A], 0 ; flags set here are consumed by the je at 0044F0B8: rep movs and pop leave flags untouched
0044F0B5 |. F3:A4 rep movs byte ptr es:[edi], byte ptr> ; tail bytes; the copy is bounded only by the source NUL -- the size of the 4FAB20 buffer is not visible in this excerpt
0044F0B7 |. 5E pop esi ; restore esi (does not affect flags)
0044F0B8 |. 74 11 je short 0044F0CB ; byte at 4F2A9A == 0 -> skip the call below
0044F0BA |. 6A 01 push 1
0044F0BC |. 68 F8000000 push 0F8
0044F0C1 |. 68 9A2A4F00 push 004F2A9A ; ASCII "JE" -- 004F2A9A is also the byte the cmp above tested
0044F0C6 |. E8 7F000000 call 0044F14A ; args left to right: 004F2A9A, 0F8, 1; callee and its stack cleanup are outside this excerpt
0044F0CB |> 8BCB mov ecx, ebx ; ecx = ebx, presumably a this-pointer (thiscall) -- confirm from the callee
0044F0CD |. E8 41FF0600 call 004BF013
0044F0D2 |. 8D8D 38FFFFFF lea ecx, dword ptr [ebp-C8] ; ecx = &local object at ebp-C8
0044F0D8 |. E8 897C0600 call 004B6D66 ; NOTE(review): looks like a constructor for that local; 004B6E44 below would then be the matching destructor -- confirm
0044F0DD |. 33C0 xor eax, eax ; eax = 0, reused for every 0/NULL argument below
0044F0DF |. 8D8D 38FFFFFF lea ecx, dword ptr [ebp-C8] ; this = the local object again
0044F0E5 |. 50 push eax ; args are pushed right-to-left; this and the next three are 0/NULL
0044F0E6 |. 50 push eax
0044F0E7 |. 50 push eax
0044F0E8 |. 50 push eax
0044F0E9 |. 68 40C74F00 push 004FC740 ; pointer to static data at 4FC740 (contents not visible here)
0044F0EE |. 68 0000CF00 push 0CF0000 ; window style 0x00CF0000 = WS_OVERLAPPEDWINDOW
0044F0F3 |. 68 90944100 push 00419490 ; ASCII "DummyDDEWnd" -- window name
0044F0F8 |. 50 push eax ; first argument = NULL
0044F0F9 |. 8945 FC mov dword ptr [ebp-4], eax ; [ebp-4] = 0; set to -1 right after the call, which looks like MSVC C++ exception-state bookkeeping -- confirm
0044F0FC |. E8 76840600 call 004B7577 ; 8 stack args with this = the local; the order is consistent with MFC CFrameWnd::Create (presumably) -- confirm
0044F101 |. 834D FC FF or dword ptr [ebp-4], FFFFFFFF ; state = -1
0044F105 |. 8D8D 38FFFFFF lea ecx, dword ptr [ebp-C8]
0044F10B |. E8 347D0600 call 004B6E44 ; tear down the local object (see note at 0044F0D8)
0044F110 |> F683 CC000000>test byte ptr [ebx+CC], 20 ; test bit 5 of the same field read at 0044F07E; pop does not change flags, so the conditional jump at 0044F119 (quoted in the text below) uses this result
0044F117 |. 5F pop edi ; restore callee-saved regs; their pushes are before this excerpt
0044F118 |. 5B pop ebx
把下面的
0044F119 /74 13 jnz short 0044F12E
改成
0044F119 /74 13 je short 0044F12E
就行了。
已经破解了的exe文件在附件里。
还在学习,希望大家多多教导我这个学生。